Hospital ransomware attacks are just a stepping stone to your industry

This week, hospital chain Medstar Health in Washington, D.C. was hit with a crippling ransomware attack that encrypted file systems on computers throughout the organization’s network. This is the third such case I’ve heard of in the past month, and the trend seems to be increasing within the healthcare industry, with hospitals being common victims. The outage costs for MedStar are thought to be about $1 million per day, yet the ransom being asked to decrypt all of the organization’s files is less than $20,000.

Why are ‎hospitals being hit with ransomware?

Here are some of the reasons:

Attackers know that the nature of critical health situations in hospital environment means there will likely be an urgency in trying to resolve any outages that occur. Hospitals just can’t let systems stay out of service for too long, or people might die. To date, outages in hospitals have probably been infrequent. But when a whole network is deliberately taken out of service by attackers, this is something hospitals probably haven’t typically had to deal with very much.

Many hospitals seem to be underfunded for security, which leaves them vulnerable. Many are also using older technologies that have vulnerabilities, and need to be upgraded. This isn’t a secret among attackers.

Hospitals and health care providers may also tend to have similar computer configurations and networks. Many may also have staff who have similar levels of awareness of IT security risks – that is, often low awareness of how these threats appear in their work environment.

Ransomware is relatively easy to deploy and get payment for using bitcoins – an anonymous form of payment – over untraceable portions of the Internet, without ‎being caught.

I expect that, as attackers learn to assess different industry business models, they will target new industry sectors in waves to exploit businesses with poorly trained staff. So, any industry that can be characterized with attributes such as those I listed above are likely to be targets in the near future.

What’s the solution?

For healthcare organizations – or any business that has very frequently updated records, and has a low tolerance for outages, or losing access to its data – you really need to have very frequent backups scheduled, in order to respond rapidly when an attack occurs.

You should also train staff on security awareness, with a regular schedule of updates on new trends. Today, it’s ransomware in healthcare organizations, but tomorrow, it could be something different, and even more damaging, in your industry.